Confusion swirled Tuesday about whether Russian hackers tried to access Wisconsin voter registration data in 2016, as new information from the U.S. Department of Homeland Security says the attempts instead were directed at another state agency.
An email to the state Elections Commission from Homeland Security official Juan Figueroa was released by the commission Tuesday. It says a state IP address that was targeted last year is linked to the state Department of Workforce Development.
That differs from an account given Friday by the elections commission, based on information received that day in a call with Homeland Security officials.
It said scanning for security vulnerabilities by Russian cyber-actors in 2016 was directed at Wisconsin’s “Internet-connected election infrastructure,” likely as part of a bid to access the voter registration database.
The commission’s administrator, Michael Haas, confirmed Tuesday that Homeland Security officials were clear in the Friday phone call that Wisconsin’s voter database was targeted.
“Either they were right on Friday and this is a cover-up, or they were wrong on Friday and we deserve an apology,” commission chairman Mark Thomsen said of the new information offered Tuesday by Homeland Security.
Homeland Security officials said in a statement late Tuesday that the department “stands by its assessment that Internet-connected networks in 21 states were the target of Russian government cyberactors seeking vulnerabilities and access to U.S. election infrastructure.”
“It’s important to point out that discussions of specific IP addresses do not provide a complete picture of potential targeting activity,” said Homeland Security spokesman Scott McConnell.
McConnell did not immediately respond Tuesday to a State Journal inquiry about whether the department still believes Russian hackers sought access to Wisconsin election systems.
The state’s IT agency, the Division of Enterprise Technology, also told state elections commissioners Tuesday that the scanning attempts were directed at Department of Workforce Development systems. The agency said it can’t confirm the origin of those attempts.
Still, it remained unclear Tuesday if the attempts were made with the objective of accessing voter files.
Elections commission spokesman Reid Magney said the same hackers that sought vulnerabilities in Workforce Development systems tried to access election systems in other states. He said it’s possible they were also trying to target election systems in Wisconsin but simply “missed the target.”
Russian cyberactors might have thought accessing Workforce Development systems would help them access voter files, said Barry Burden, a UW-Madison professor and elections expert.
Asked Tuesday if that were possible, Steve Michels, a spokesman for the Division of Enterprise Technology, said it “locks and audits the state system in a way that prevents this from occurring.”
State notified in 2016
A timeline provided by the division Tuesday said it was notified in October 2016 of a “suspicious traffic from a known malicious IP related to voter and election compromises.” The notification came from the Multi-State Information Sharing and Analysis Center, a nonprofit that partners with Homeland Security and others to guard against cyberthreats.
The state IT agency says it investigated the matter and found “the traffic attempted to access a nonexistent server” at Workforce Development on July 30 and July 31. The suspicious IP address was blocked on Aug. 2, 2016, and “the scan had no effect on any state system and no data was exfiltrated,” Michels said.
The U.S. intelligence community consensus is that Russia interfered in the 2016 U.S. election with the intent of helping elect Republican Donald Trump and undermine U.S. faith in its elections. The U.S. agencies found Russian operations included supporting the hacking of email systems of the U.S. political parties and relaying the emails to WikiLeaks, which later published hacked emails from the Democratic National Committee.
Homeland Security officials revealed in June that they had “evidence of election-related systems in 21 states that were targeted” but did not say which ones. On Friday, it notified the states that were affected.
In most states, the hacking attempts were unsuccessful. But in Illinois, hackers successfully accessed voter information.
Voter registration systems are separate from those that actually count votes. But they still could be a tempting target for someone seeking to tamper with election results.
Someone who accessed voter-registration rolls conceivably could try to alter or delete them, creating chaos on Election Day, Burden said.
Speaking at Tuesday’s meeting before the commission was advised of the latest message from Homeland Security, commission chairman Thomsen publicly apologized for what he described as a belated acknowledgement of attempts to hack state elections systems in 2016.
In June, Haas testified to the U.S. Senate Intelligence Committee that “we have not been told … that there was an attack in Wisconsin.” Haas added that the commission would “likely be able to detect” any attempt to gain access to the state’s election system.
Tuesday’s elections commission meeting included discussion of how to bolster state election cyber defenses in 2018 and beyond. Thomsen said he hopes the commission will hold a special meeting in the near future to discuss the matter further.